One more (big) step to make Identity work ...

One more (big) step to make Identity work ...

WS-* or REST? Is there an epic battle? How does Microsoft think about a big chunk of the web development community ignoring the beloved WS-* specs and preferring "HTTP programming"? Answer: We think that people make these choices of good reasons and we like and support any way you want to write services. As a matter of fact, we're engaging with the community to make both, the WS-* stack and the HTTP/REST better to work with and make them a safer environment for, well, everyone.

In the spirit of the last statement, Bill Gates has just announced at the RSA conference (and our Chief Identity Architect Kim Cameron blogged) that we're working with JanRain, Sxip, and VeriSign to integrate CardSpace with OpenID and help making OpenID more resistant against phishing attacks by allowing relying parties to request and be informed of the use of phishing resistant credentials. We'll also integrate OpenID into future Identity products. On the OpenID side, you can expect direct support for CardSpace Information Cards on infrastructures that use the OpenID products from these vendors.

If you ask me, that's pretty big. But working here it's not as much of a surprise as it might be for people on the outside. We're very closely looking at what the community is building and asking for and if we see technologies or initiatives out there that gain lots of traction (such as REST programming, JSON or OpenID) I don't see a "wasn't invented here" attitude around anymore around here these days. We'll have REST support and JSON support (and RSS and Atom) in the next version of the .NET Framework and we'll have broad support for OpenID in our Identity infrastructure. At the same time we'll continue to work with industry partners to make the enterprise-messaging features in WS-* work better and, as demonstrated by the OpenID announcement, that "WS-* stuff" actually comes to the rescue of OpenID for phishing defense.